Fix various issues
The fixes here include typos, removals of deprecated paths, fixes for first-boot-only systemd targets and related MariaDB migrate machinery, better logging for Postfix, and an increase in the default request body size for the default NGINX ingress.
This commit is contained in:
parent
40823a31de
commit
75765576dc
|
@ -71,7 +71,7 @@ but also be managed throughout the server's life-cycle.
|
|||
|
||||
The mechanisms for building and deploying services are simple and fairly consistent. Firstly, Podman
|
||||
containers and systemd services are built and enabled using the included `container-build` systemd
|
||||
service. This will read files from `/etc/container-services` (copied onto the server during
|
||||
service. This will read files from `/etc/container-service` (copied onto the server during
|
||||
deployment) and build container images and systemd service definitions as needed.
|
||||
|
||||
## License
|
||||
|
|
|
@ -9,8 +9,6 @@ storage:
|
|||
directories:
|
||||
- path: /etc/container-service
|
||||
mode: 0700
|
||||
- path: /var/lib/container-service
|
||||
mode: 0700
|
||||
systemd:
|
||||
units:
|
||||
- name: container-build@.service
|
||||
|
|
|
@ -6,6 +6,7 @@ ConditionPathExists=/etc/container-service/%i/Containerfile
|
|||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=true
|
||||
Environment=PODMAN_BUILD_OPTIONS="--no-cache"
|
||||
ExecStart=/bin/podman build $PODMAN_BUILD_OPTIONS --file /etc/container-service/%i/Containerfile --tag localhost/%i:latest /etc/container-service/%i
|
||||
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
[Unit]
|
||||
Description=Initialize Dovecot POP3/IMAP server
|
||||
Wants=first-boot-complete.target mariadb-migrate@dovecot.service dovecot.service
|
||||
Wants=mariadb-migrate@dovecot.service dovecot.service
|
||||
After=mariadb-migrate@dovecot.service
|
||||
Before=first-boot-complete.target dovecot.service
|
||||
ConditionFirstBoot=true
|
||||
Before=dovecot.service
|
||||
ConditionKernelCommandLine=ignition.firstboot
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -8,12 +8,16 @@ ConditionPathExists=/etc/container-service/%i/service/%p.sql
|
|||
Type=oneshot
|
||||
EnvironmentFile=-/etc/container-service/%i/%i.env
|
||||
EnvironmentFile=/etc/container-service/mariadb/mariadb.env
|
||||
ExecStartPre=/bin/sh -c 'envsubst < %E/container-service/%i/service/%p.sql > /tmp/%N.sql'
|
||||
ExecStart=/bin/podman run --replace --pull never --rm --name mariadb-migrate-%i --net internal \
|
||||
--volume mariadb:/var/lib/mysql:z --volume /tmp:/tmp \
|
||||
--entrypoint mariadb localhost/mariadb:latest \
|
||||
--host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} -e 'source /tmp/%N.sql'
|
||||
ExecStartPost=/bin/rm -f /tmp/%N.sql
|
||||
ExecStartPre=/bin/install --mode 0700 --directory /tmp/%N
|
||||
ExecStartPre=/bin/sh -c 'envsubst < /etc/container-service/%i/service/%p.sql > /tmp/%N/migrate.sql'
|
||||
ExecStartPre=/bin/podman create --replace --pull never --rm --name mariadb-migrate-%i --net internal \
|
||||
--volume mariadb:/var/lib/mysql:z \
|
||||
--entrypoint mariadb localhost/mariadb:latest \
|
||||
--host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} -e 'source /migrate.sql'
|
||||
ExecStartPre=/bin/podman cp /tmp/%N/migrate.sql mariadb-migrate-%i:/migrate.sql
|
||||
ExecStart=/bin/podman start --attach mariadb-migrate-%i
|
||||
ExecStartPost=/bin/podman rm --force mariadb-migrate-%i
|
||||
ExecStartPost=/bin/rm -Rf /tmp/%N
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -13,7 +13,7 @@ ExecStart=/bin/podman run --replace --pull never --name %N --net internal \
|
|||
ExecStartPost=/bin/podman run --replace --pull never --rm --name %N-wait --net internal \
|
||||
--volume %N:/var/lib/mysql:z \
|
||||
--entrypoint mariadb-admin localhost/%N:latest \
|
||||
--host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} --wait=10 ping
|
||||
--host mariadb --user root --password=${MYSQL_ROOT_PASSWORD} --wait=30 ping
|
||||
ExecStop=/bin/podman stop --time 10 %N
|
||||
ExecStopPost=/bin/podman rm --force %N
|
||||
|
||||
|
|
|
@ -97,6 +97,11 @@ http {
|
|||
# https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
|
||||
keepalive_timeout 20s;
|
||||
|
||||
# The maximum size allowed for request bodies.
|
||||
# Default: 1m
|
||||
# http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
|
||||
client_max_body_size 32m;
|
||||
|
||||
# Speed up file transfers by using `sendfile()` to copy directly between
|
||||
# descriptors rather than using `read()`/`write()``.
|
||||
# For performance reasons, on FreeBSD systems w/ ZFS this option should be
|
||||
|
|
|
@ -5,6 +5,9 @@
|
|||
# Version 2 is current for Postfix > 3.2 configuration.
|
||||
compatibility_level = 2
|
||||
|
||||
# Log to standard output.
|
||||
maillog_file = /dev/stdout
|
||||
|
||||
# Base hostname used for this mail-server.
|
||||
myhostname = ${POSTFIX_HOST}
|
||||
myorigin = $mydomain
|
||||
|
|
|
@ -30,4 +30,5 @@ local unix - n n - - local
|
|||
virtual unix - n n - - virtual
|
||||
lmtp unix - - n - - lmtp
|
||||
anvil unix - - n - 1 anvil
|
||||
scache unix - - n - 1 scache
|
||||
scache unix - - n - 1 scache
|
||||
postlog unix-dgram n - n - 1 postlogd
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Log to standard error.
|
||||
(syslog-ng --no-caps --foreground) &
|
||||
(tail -F /var/log/mail.log) &
|
||||
|
||||
# Prepare configuration files for environment variable substitution.
|
||||
ENV_NAMES="`env | awk -F '=' '{printf "$%s ", $1}'`"
|
||||
for file in /etc/postfix/*.template; do
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
[Unit]
|
||||
Description=Initialize Prosody XMPP server
|
||||
Wants=first-boot-complete.target mariadb-migrate@prosody.service prosody.service
|
||||
Wants=mariadb-migrate@prosody.service prosody.service
|
||||
After=mariadb-migrate@prosody.service
|
||||
Before=first-boot-complete.target prosody.service
|
||||
ConditionFirstBoot=true
|
||||
Before=prosody.service
|
||||
ConditionKernelCommandLine=ignition.firstboot
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -8,7 +8,7 @@ Type=oneshot
|
|||
ExecStartPre=/bin/podman exec rspamd install -d /var/lib/rspamd/dkim
|
||||
ExecStart=/bin/podman exec rspamd openssl genrsa -out /var/lib/rspamd/dkim/%i.dkim.key 1024
|
||||
ExecStartPost=/bin/podman exec rspamd chmod 644 /var/lib/rspamd/dkim/%i.dkim.key
|
||||
ExecStartPost=/bin/podman exec rspamd sh -c 'echo "Public DKIM key:"; openssl rsa -in /var/lib/container-service/rspamd/dkim/%i.dkim.key -pubout -outform der 2> /dev/null | openssl base64 -A'
|
||||
ExecStartPost=/bin/podman exec rspamd sh -c 'echo "Public DKIM key:"; openssl rsa -in /var/lib/rspamd/dkim/%i.dkim.key -pubout -outform der 2> /dev/null | openssl base64 -A'
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM debian:stable-slim
|
||||
FROM docker.io/debian:stable-slim
|
||||
ARG VERSION=2.0.13
|
||||
|
||||
ENV BUILD_DEPS="curl gnupg apt-transport-https build-essential git libpurple-dev libglib2.0-dev libjson-glib-dev libhttp-parser-dev graphicsmagick-imagemagick-compat"
|
||||
|
|
Loading…
Reference in New Issue